[minion-cvs] Backends for key rotation
Update of /home/minion/cvsroot/src/minion/lib/mixminion/server
In directory moria.mit.edu:/tmp/cvs-serv30017/lib/mixminion/server
Modified Files:
MMTPServer.py PacketHandler.py ServerKeys.py
Log Message:
Backends for key rotation
Index: MMTPServer.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/server/MMTPServer.py,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- MMTPServer.py 7 Apr 2003 01:13:54 -0000 1.22
+++ MMTPServer.py 18 Apr 2003 18:32:36 -0000 1.23
@@ -869,6 +869,11 @@
self._timeout = config['Server']['Timeout'][2]
self.clientConByAddr = {}
+ def setContext(self, context):
+ """Change the TLS context used for newly received connections.
+ Used to rotate keys."""
+ self.context = context
+
def getNextTimeoutTime(self, now):
"""Return the time at which we next purge connections, if we have
last done so at time 'now'."""
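Review bot: The setContext docstring should say what happens to connections that were accepted before the rotation. The method only rebinds `self.context`, so, as far as these lines show, sessions established under the old context keep it until they close. I would extend the docstring with something like `Connections already established keep the context they were accepted with; a caller retiring a key must wait for them to close.` so that the rotation code does not assume the old key is out of use the moment this returns.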
Index: PacketHandler.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/server/PacketHandler.py,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- PacketHandler.py 20 Feb 2003 16:57:40 -0000 1.12
+++ PacketHandler.py 18 Apr 2003 18:32:36 -0000 1.13
@@ -4,6 +4,7 @@
"""mixminion.PacketHandler: Code to process mixminion packets on a server"""
import binascii
+import threading
from mixminion.Common import encodeBase64, formatBase64
import mixminion.Crypto as Crypto
@@ -46,18 +47,48 @@
self.hashlog = hashlog
except TypeError:
# Privatekey is not be subscriptable; we must have only one.
- self.privatekey = (privatekey, )
- self.hashlog = (hashlog, )
+ self.privatekey = [privatekey]
+ self.hashlog = [hashlog]
+
+ self.lock = threading.Lock()
+
+ def addKey(self, key, hashlog):
+ """DOCDOC"""
+ self.lock.acquire()
+ self.privatekey.append(key)
+ self.hashlog.append(hashlog)
+ self.lock.release()
+ def removeKey(self, key):
+ """DOCDOC"""
+ self.lock.acquire()
+ try:
+ enc = key.encode_key(1)
+ for i in range(len(self.privatekey)):
+ k = self.privatekey[i]
+ if k.enc(1) == enc:
+ del self.privatekey[i]
+ hlog = self.hashlog[i]
+ del self.hashlog[i]
+ hlog.close()
+ return
+ raise KeyError
+ finally:
+ self.lock.release()
+
def syncLogs(self):
"""Sync all this PacketHandler's hashlogs."""
+ self.lock.acquire()
for h in self.hashlog:
h.sync()
+ self.lock.release()
def close(self):
"""Close all this PacketHandler's hashlogs."""
+ self.lock.acquire()
for h in self.hashlog:
h.close()
+ self.lock.release()
def processMessage(self, msg):
"""Given a 32K mixminion message, processes it completely.
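Review bot: In removeKey the loop compares `k.enc(1) == enc` while the line above builds `enc` with `key.encode_key(1)`; `enc` looks like a typo for `encode_key`, and if so every removeKey call would raise AttributeError instead of retiring the key. addKey, syncLogs and close take `self.lock` without try/finally, unlike removeKey, so an exception from `h.sync()` or `h.close()` leaves the lock held and blocks all later packet processing. Both `DOCDOC` docstrings should be filled in, stating that removeKey closes the matching key's hashlog and raises KeyError when no key matches. The non-TypeError branch of the constructor is only partly visible here; if callers can still pass tuples on that path, `append` and `del` will fail on them.

```python
    def addKey(self, key, hashlog):
        """Add a private key, and the hashlog that records packets
           processed under it, to the set tried by processMessage."""
        self.lock.acquire()
        try:
            self.privatekey.append(key)
            self.hashlog.append(hashlog)
        finally:
            self.lock.release()

    # ... unchanged: removeKey, except for the comparison below ...
                if k.encode_key(1) == enc:

    def syncLogs(self):
        """Sync all this PacketHandler's hashlogs."""
        self.lock.acquire()
        try:
            for h in self.hashlog:
                h.sync()
        finally:
            self.lock.release()

    # ... close(): same try/finally shape around the h.close() loop ...
```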
@@ -84,12 +115,16 @@
# order. Only fail if all private keys fail.
subh = None
e = None
- for pk, hashlog in zip(self.privatekey, self.hashlog):
- try:
- subh = Crypto.pk_decrypt(header1[0], pk)
- break
- except Crypto.CryptoError, err:
- e = err
+ self.lock.acquire()
+ try:
+ for pk, hashlog in zip(self.privatekey, self.hashlog):
+ try:
+ subh = Crypto.pk_decrypt(header1[0], pk)
+ break
+ except Crypto.CryptoError, err:
+ e = err
+ finally:
+ self.lock.release()
if not subh:
# Nobody managed to get us the first subheader. Raise the
# most-recently-received error.
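Review bot: The lock is released as soon as the decryption loop ends, but the `hashlog` picked in that loop is presumably used further down in processMessage (outside this hunk) for the replay check, and removeKey can close that same hashlog from another thread in between. Either keep the replay check inside the locked region, or have removeKey defer `hlog.close()` until no packet in flight still refers to it. Until that is settled, a comment such as `# NOTE: 'hashlog' outlives the lock; removeKey() may close it concurrently.` after the `finally` would at least record the hazard. Holding `self.lock` across `Crypto.pk_decrypt` also serializes decryption and makes addKey/removeKey wait behind it, which is worth a comment explaining why it is acceptable.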
Index: ServerKeys.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/server/ServerKeys.py,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- ServerKeys.py 18 Apr 2003 17:41:38 -0000 1.17
+++ ServerKeys.py 18 Apr 2003 18:32:36 -0000 1.18
@@ -578,7 +578,7 @@
"PacketFormat" : "%s.%s"%(mixminion.Packet.MAJOR_NO,
mixminion.Packet.MINOR_NO),
"mm_version" : mixminion.__version__
-
+ }
# If we don't know our IP address, try to guess
if fields['IP'] == '0.0.0.0':